Hi...
as understand, some of person may can use tool like cain and abel to do the dhcp poision to make the same network user point to his laptop and the user will get some page from that laptop.
instead of i create different vlan to different WiFi ap to minimix network interruption.
can we have a rules that, the AP will only accept dhcp from the ethernet and send out via wireless then reject dhcp from wireless?
thanks.
-
-
angboontiong
Forum Guru
- Posts: 1136
- Joined:
Re: How to drop the dhcp (poison) from wireless (WiFi AP)...
if your broadcast domain is the wlan1 only, try to disable default forward (/int wir set wlan1 default-forwarding=no)
-
-
angboontiong
Forum Guru
- Posts: 1136
- Joined:
Re: How to drop the dhcp (poison) from wireless (WiFi AP)...
Hi...if your broadcast domain is the wlan1 only, try to disable default forward (/int wir set wlan1 default-forwarding=no)
my current setup is 1 vlan serve 20 AP (same vlan).
mean, my broadcast domain is on the bridge interface (bridge vlan + wlan1), thus the wireless client isolation will not work right.
correct me if i am wrong on this...
Re: How to drop the dhcp (poison) from wireless (WiFi AP)...
correct.
you need to activate bridge filter on each ap and drop unwanted dhcp packets
you need to activate bridge filter on each ap and drop unwanted dhcp packets
-
-
angboontiong
Forum Guru
- Posts: 1136
- Joined:
Re: How to drop the dhcp (poison) from wireless (WiFi AP)...
Hi, as i enable the "use IP Firewall" under the bridge seting.correct.
you need to activate bridge filter on each ap and drop unwanted dhcp packets
then i create a filter "chain=input action=drop protocol=udp in-interface=wlan1 src-port=67,68"
am i doing the right way to drop all the dhcp on whoever plan to poison my network by DHCP router?
appreciate it.
Re: How to drop the dhcp (poison) from wireless (WiFi AP)...
(from http://www.linklogger.com/UDP67_68.htm)
clients broadcast a request to the DHCP server:
UDP 0.0.0.0:68 -> 255.255.255.255:67
The DHCP server then responds with something like:
UDP 192.168.1.1:67 -> 255.255.255.255:68
if your poisoner is a dhcp server, and you want to block him you must:
chain=forward action=drop protocol=udp in-interface=wlan1 src-port=67
clients broadcast a request to the DHCP server:
UDP 0.0.0.0:68 -> 255.255.255.255:67
The DHCP server then responds with something like:
UDP 192.168.1.1:67 -> 255.255.255.255:68
if your poisoner is a dhcp server, and you want to block him you must:
chain=forward action=drop protocol=udp in-interface=wlan1 src-port=67
-
-
angboontiong
Forum Guru
- Posts: 1136
- Joined:
Re: How to drop the dhcp (poison) from wireless (WiFi AP)...
Hi, highly appreciated, i have look around and found that some post is still talking about hte net cut which is higher level on the hijack on the WiFi AP.(from http://www.linklogger.com/UDP67_68.htm)
clients broadcast a request to the DHCP server:
UDP 0.0.0.0:68 -> 255.255.255.255:67
The DHCP server then responds with something like:
UDP 192.168.1.1:67 -> 255.255.255.255:68
if your poisoner is a dhcp server, and you want to block him you must:
chain=forward action=drop protocol=udp in-interface=wlan1 src-port=67
as understand, still no solution for this, i afraid a day will meet some one to use the tools like Netcut or cain and abel...
Who is online
Users browsing this forum: javimojave, jstaw and 38 guests